This article has been indexed from CSO Online
Software composition analysis definition
Software composition analysis (SCA) refers to obtaining insight, in an automated fashion, into which open-source components and dependencies are used in your application and how they are used. This process serves the purpose of assessing the security of these components and any potential risks or licensing conflicts they introduce. Incorporating SCA tools correctly into your software development workflow is a significant step toward strengthening the security and integrity of the software supply chain, by ensuring that any borrowed code doesn’t introduce security risks or legal compliance issues into your products.
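The two SCA steps described above, inventory followed by vulnerability and licence assessment, as an added illustration that is not code from the article or from any SCA product; the lock file, the advisory records and the licence policy below are all constructed sample data.

```python
# Added illustration of the SCA workflow: build an inventory of pinned
# dependencies, then match it against advisories and a licence policy.
# Not from the article or any SCA product; all data here is constructed.
from __future__ import annotations

# Constructed lock file: pinned "name==version" lines.
LOCK_FILE = """\
requests==2.19.0
urllib3==1.24.1
leftpad==1.0.0
"""

# Constructed advisories: a version is affected if min <= version < fixed.
ADVISORIES = [
    {"package": "urllib3", "min": "0.0.0", "fixed": "1.24.2", "id": "ADV-0001"},
    {"package": "requests", "min": "2.0.0", "fixed": "2.20.0", "id": "ADV-0002"},
]

# Constructed licence metadata and policy; WTFPL is outside the allowlist here.
LICENSES = {"requests": "Apache-2.0", "urllib3": "MIT", "leftpad": "WTFPL"}
ALLOWED_LICENSES = {"Apache-2.0", "MIT", "BSD-3-Clause"}

def parse_version(text: str) -> tuple[int, ...]:
    """'1.24.1' -> (1, 24, 1), so tuple comparison orders versions numerically."""
    return tuple(int(part) for part in text.split("."))

def parse_lock(text: str) -> dict[str, str]:
    """Inventory step: map each pinned package name to its version."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, version = line.split("==", 1)
            inventory[name.lower()] = version
    return inventory

def analyse(lock_text: str) -> list[tuple[str, str, str]]:
    """Assessment step: (package, kind, detail) for every dependency that is
    in an advisory's affected range or whose licence is not on the allowlist."""
    findings = []
    for name, version in parse_lock(lock_text).items():
        v = parse_version(version)
        for adv in ADVISORIES:
            if adv["package"] == name and parse_version(adv["min"]) <= v < parse_version(adv["fixed"]):
                findings.append((name, "vulnerability", f"{adv['id']}: fixed in {adv['fixed']}"))
        licence = LICENSES.get(name, "UNKNOWN")  # an unknown licence is itself a finding
        if licence not in ALLOWED_LICENSES:
            findings.append((name, "license", f"{licence} not in allowlist"))
    return findings
```

Running `analyse(LOCK_FILE)` reports both pinned versions inside an advisory range and the disallowed licence; a version equal to the "fixed" bound is, deliberately, not reported.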
Read the original article: Software composition analysis explained, and how it identifies open-source software risks